Show TOC Start of Content Area

Background documentation Server Configuration and Administration  Locate the document in its SAP Library structure

Below are the main aspects of the configuration and administration of the AS ABAP server for the Business Client.

Cockpits

Configuration of Cockpits

Role Maintenance

Role maintenance using the profile generator (transaction PFCG) is used for the configuration of all roles displayed in the Business Client.

You have to use transaction SM30 to make the following settings in the SSM_CUST table to enable the maintenance of additional attributes and details in PFCG.

 

Name

Value

ADD_MENU_DETAILS

YES

CONDENSE_MENU

NO

PFCG Menu Maintenance

The following menu types are supported by SAP NetWeaver Business Client:

      URLs (Web addresses or files)

      BSP applications

      Generic Web addresses (URL templates)

      Web Dynpro applications

      Transactions

Note

All other menu types cannot be displayed in SAP NetWeaver Business Client.

Merging Menu Trees

If a user is assigned to multiple roles (single or composite roles) for which the same menu is specified, the Business Client runtime ensures that multiple entries of the same menu item do not appear.

Note

Note that in the SSM_CUST table the CONDENSE_MENU parameter is either set to NO or is not available at all.

Scripting Settings

Make sure that your server is configured for user scripting as described in Note 480149.

Note

Note that these settings are only required if you need to run an integrated SAP GUI:

We recommend that you make the settings described in Note 1136338:

sapgui/user_scripting_set_readonly=FALSE

sapgui/user_scripting_disable_recording=FALSE

Caution

These two parameters must not be set to TRUE.

Internet Communication Manager (ICM)

The Internet Communication Manager (ICM) enables communication between your SAP system and the Internet using the usual protocols (HTTP, HTTPS) for the Business Client applications.

      HTTP/HTTPS

The Business Client uses HTTP or HTTPS. HTTP or HTTPS must therefore be set in the ICM (more information: Displaying and Changing Services).

      A Web Dispatcher must be placed before the AS ABAP system(s)

You can only access the Web dispatcher using HTTPS, and therefore all the certificates for the different identities visible to the Internet proxies must be installed.

The Web dispatcher uses HTTP to access AS ABAP.

Configure the HTTPURLLOC table in accordance with the information in URL Generation in an AS ABAP - Web Dispatcher Configuration.

Internet Communication Framework (ICF)

At Internet Communication Framework level (ICF level), settings are required for applications based on the BSP and/or Web Dynpro programming model. The nodes for these applications are all active in the ICF service tree. These activations are valid for the whole system and are not client-dependent. We therefore recommend that you use virtual hosts - one virtual host for each client. You should also configure the sap_default host so that it is valid only for client 000. Then only one link to these services is needed in each virtual client.

In addition, the various cockpits are configured within the ICF. Each cockpit is defined as a subnode under /sap/bc/dal.

Example

Node examples:

/sap/bc/dal/demoA

/sap/bc/dal/KYKDAL

A subnode must be active so that the cockpit can work.

For BSP or Web Dynpro applications in the Business Client, the relevant BSP/Web Dynpro-specific nodes must be active in the ICF service tree. For more information on BSP settings, see Prerequisites in Administration of Business Server Pages. For more information on Web Dynpro ABAP settings, see Initial Configuration Steps in Web Dynpro for ABAP Configuration. See also Note 517484, Note 1009930, and Note 1008689.

It is best that application groups and customers do not work under the path /sap/bc. In such cases you can also create new paths: /myCustomer/.../nwbc/myCockpit. For nwbc nodes, the CL_NWBC_HTTP_EXTENSION NWBC runtime handler must be configured. Here also, access over the myCockpit node is monitored – it must be available and active. In addition, the system logon must be configured.

Note

Note the information about the namespace.
More information: Namespaces and Naming Conventions.

See also:

Setting Up a New Cockpit

Security

The HTTP stack supports many different techniques for handling user logons and password changes. The system logon already used for BSP and Web Dynpro ABAP is also available for the Business Client.

To use this, SSO2 cookies must be configured and activated. At present the Business Client uses SSO2 cookies for authentication purposes in the canvas area.

Note

We strongly recommend that you use HTTPS.

See also:

Business Client Security Issues

Fully Qualified Domain Names (FQDN)

Fully qualified domain names are strictly required to ensure that the Business Client runs smoothly, as is also the case for BSP and Web Dynpro ABAP.

FQDNs are necessary for the following reasons:

      One domain is required with which cookies can be set domain-wide, for instance, SSO2 cookies.

      Domain relaxation code is required for cross-frame JavaScript.

      In an HTTPS environment, client and server names must correspond to each other for certificates and for the SSL protocol.

Note that the domain in which the AS ABAP is run is not necessarily the FQDN used to access the AS ABAP from the browser. A typical example is an AS ABAP that runs both in the Intranet and in the Internet. In a case like this, the FQDN is determined by the position of the browser relative to the AS ABAP and not by the AS ABAP itself.

More information: Fully Qualified Domain Names (FQDN).

Host Name Conventions

If authentication using single sign-on or stateful applications are not working, it is often because the host and/or domain names do not reflect standard naming.

There are Internet standards that define the naming conventions for domain names. It often comes down to a question of how strictly your browser implements the rules.
More information: SAP Note 654982.

Below is a summary of the rules.

      Domains with the extensions com, edu, net, org, gov, mil, or int must contain at least one additional domain part. This is normally the name of the company or organization.

      Domains with other extensions, including national top-level domains such as de, uk, or fr, must have at least two additional domain parts. In the case of top-level domains for countries, browsers often accept domains with just one additional domain part. However, for other, non-standard top-level domains, two additional domain parts are required.

Caution

Note that FQDNs are used (see above) and that underscores ( _) are not supported for host names.

URL Generation

More information: URL Generation in an AS-ABAP - Web Dispatcher Configuration

Note

Note that no IP addresses can be used in INI files. Only host names can be used. However, you can write the host names to the INI files and use /etc/host-Files to resolve the corresponding IP addresses.

Profile Parameter for Replacing SAP Easy Access Menu

You can use the start_menu profile parameter (transaction RZ10) to replace the SAP Easy Access menu with another screen.

For information on changing profile parameters, see Changing and Switching Profile Parameters. The authorizations required to change profile parameters are described in Maintaining Profiles.

Note

We recommend that you replace the default start menu, S000, with a different screen.

 

 

End of Content Area